It happens many times every day…hackers acquire an email password (through various devious hacker techniques) and take over an unsuspecting user’s email account. Once they’re in control of the account, they typically search the account for useful information (more passwords, for instance) and then launch phishing attacks from the compromised user’s email account (usually, tailored spear phishing emails). After all, you’re pretty likely to trust an email from a relative or colleague asking you to check out some web site or review a file they’re trying to share with you.
What many people don’t know, though, is a sneaky trick hackers often use to ensure they don’t get caught right away while they’re using your email account. This trick involves the use of Outlook email rules (or “filters” in Gmail) to redirect replies from their victims into the trash or an email folder buried under some other folder. By filtering on specific words (such as words they’ve used in their phishing email), hackers reduce the risk of getting caught when one of their secondary victims replies to the compromised email account holder.
How can you tell if this has happened to you? Since most hackers are smart enough to clear your “sent” email folder of their activities, it won’t do much good looking there. Instead, check your email settings for rules/filters that you didn’t put there. Here are a few examples of where to look:
The first two graphics show email rules within the web version of Outlook (commonly used with Office 365) and Gmail. The third graphic shows an example of an email rule in the traditional desktop application version of Outlook. In all cases, a typical user would never notice the creation of an email rule unless he specifically went and checked. This is one reason why this technique is so effective and popular among hackers.
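The same check can be scripted. The following is an added example, not part of the original article: it reviews a list of Gmail filters and reports the ones that send mail to the trash or move it out of the inbox, noting when they match on keywords. It assumes the filters are available in the shape of the Gmail API filter resource (`criteria`, `action`, `addLabelIds`, `removeLabelIds`); the sample filters, label IDs and addresses are constructed.

```python
# Constructed sample: filters shaped like the Gmail API filter resource.
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "f2", "criteria": {"query": "invoice OR \"shared file\""},
     "action": {"addLabelIds": ["TRASH"]}},
    {"id": "f3", "criteria": {"subject": "Re: document review"},
     "action": {"addLabelIds": ["Label_40"], "removeLabelIds": ["INBOX"]}},
    {"id": "f4", "criteria": {"from": "list@example.org"},
     "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
]


def review_filter(f):
    """Return a list of reasons this filter deserves a manual look."""
    criteria = f.get("criteria", {})
    action = f.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))

    reasons = []
    if "TRASH" in added:
        reasons.append("sends matching mail to the trash")
    elif "INBOX" in removed:
        # Skipping the inbox files mail under a label the user may never open.
        reasons.append("moves matching mail out of the inbox")

    # Filtering on words (subject or search query) is the pattern the
    # article describes for hiding replies to a phishing email.
    keywords = [criteria[k] for k in ("subject", "query") if criteria.get(k)]
    if reasons and keywords:
        reasons.append("matches on keywords: " + "; ".join(keywords))
    return reasons


def audit(filters):
    """Map filter id -> reasons, for every filter that hides mail."""
    findings = {}
    for f in filters:
        reasons = review_filter(f)
        if reasons:
            findings[f["id"]] = reasons
    return findings


if __name__ == "__main__":
    for fid, reasons in audit(SAMPLE_FILTERS).items():
        print(fid, "->", ", ".join(reasons))
```

A sender-based filter that skips the inbox (`f4`) is still listed, since only the account owner can say whether they created it.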
When was the last time you checked your email filters/rules? Who will you call if you find something you can’t explain?
By Terry Bradley, CTO & Director of Cybersecurity Solutions at PLEX